Smarter backfil

app/models/waf_policy.rb

@@ -159,16 +159,30 @@ validate :targets_must_be_array
       return nil
     end
 
-    rule = Rule.create!(
-      waf_rule_type: 'network',
-      waf_action: policy_action.to_sym,
-      network_range: network_range,
-      waf_policy: self,
-      user: user,
-      source: "policy",
-      metadata: build_rule_metadata(network_range),
-      priority: network_range.prefix_length
-    )
+    # Try to create the rule, handling duplicates gracefully
+    begin
+      rule = Rule.create!(
+        waf_rule_type: 'network',
+        waf_action: policy_action.to_sym,
+        network_range: network_range,
+        waf_policy: self,
+        user: user,
+        source: "policy",
+        metadata: build_rule_metadata(network_range),
+        priority: network_range.prefix_length
+      )
+    rescue ActiveRecord::RecordNotUnique
+      # Rule already exists (created by another job or earlier in this job)
+      # Find and return the existing rule
+      Rails.logger.debug "Rule already exists for #{network_range.cidr} with policy #{name}"
+      return Rule.find_by(
+        waf_rule_type: 'network',
+        waf_action: policy_action,
+        network_range: network_range,
+        waf_policy: self,
+        source: "policy"
+      )
+    end
 
     # Handle redirect/challenge specific data
     if redirect_action? && additional_data['redirect_url']